
Summary
The rule titled 'HackTool - Inveigh Execution Artefacts' is designed to detect the execution of the Inveigh tool, a network packet generator and a command-and-control mechanism often used in attacks targeting Windows environments. The detection mechanism leverages file event logs to monitor specific files associated with Inveigh's operation, including log files and executables such as 'Inveigh-Log.txt', 'Inveigh.dll', and 'Inveigh.exe'. When any of these files is created or modified, the rule raises an alert indicating potential misuse of Inveigh, which can signify malicious activity such as credential harvesting and network-based attacks. The rule prioritizes precision by matching only on file names that are characteristic of Inveigh's output and operational artefacts, so false positives are kept to a minimum and are deemed unlikely.
Categories
- Windows
- Endpoint
Data Sources
- File
Created: 2022-10-24
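As an added illustration (not the rule's own text), the file-name logic the summary describes, re-implemented in Python and run over constructed Sysmon FileCreate (Event ID 11) style records; the field names `EventID`, `Image` and `TargetFilename` are assumed.

```python
"""Added example: the artefact-name match described in the 'HackTool - Inveigh
Execution Artefacts' summary, applied to constructed file-event records.
Assumes Sysmon-style fields (EventID, Image, TargetFilename); not the Sigma rule itself."""
from pathlib import PureWindowsPath

# File names the rule summary lists; Sigma string matching is case-insensitive,
# so the set is kept in casefolded form.
INVEIGH_ARTEFACTS = {"inveigh-log.txt", "inveigh.dll", "inveigh.exe"}


def is_inveigh_artefact(target_filename: str) -> bool:
    """True when the final path component is exactly one of the Inveigh artefacts.

    Comparing the whole file name (not a substring) is what keeps precision high:
    'NotInveigh.exe' or 'Inveigh.exe.config' must not fire."""
    name = PureWindowsPath(target_filename.replace("/", "\\")).name
    return name.casefold() in INVEIGH_ARTEFACTS


def triage(events):
    """Return the file-create events whose TargetFilename matches, for analyst review."""
    return [
        e for e in events
        if e.get("EventID") == 11 and is_inveigh_artefact(e.get("TargetFilename", ""))
    ]


# Constructed sample records (not real telemetry).
SAMPLE_EVENTS = [
    {"EventID": 11, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe",
     "TargetFilename": "C:\\Users\\Public\\Inveigh-Log.txt"},
    {"EventID": 11, "Image": "C:\\Users\\alice\\tools\\loader.exe",
     "TargetFilename": "C:\\Users\\alice\\tools\\INVEIGH.DLL"},        # case differs, still a hit
    {"EventID": 11, "Image": "C:\\Program Files\\Vendor\\setup.exe",
     "TargetFilename": "C:\\Program Files\\Vendor\\NotInveigh.exe"},   # substring only, no hit
    {"EventID": 11, "Image": "C:\\Windows\\explorer.exe",
     "TargetFilename": "C:\\Temp\\Inveigh.exe.config"},               # different name, no hit
    {"EventID": 1, "Image": "C:\\Temp\\Inveigh.exe",
     "CommandLine": "Inveigh.exe"},                                   # process event, out of scope
]

if __name__ == "__main__":
    for e in triage(SAMPLE_EVENTS):
        print(f"ALERT Inveigh artefact written: {e['TargetFilename']} by {e['Image']}")
```

The last two sample records show the two cases the exact-name comparison is there for: a longer file name that merely contains 'Inveigh', and a process-creation event that this file-based rule does not cover.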